module.exports = () => {
    return async function cors (ctx, next) {
        const start = Date.now();
        const PATH = ctx.originalUrl;
        await next();
        const ms = Date.now() - start;
        ctx.set('X-Response-Time', `${ms}ms`);
        // Access-Control-Allow-Credentials 设置为true会和 Access-Control-Allow-Origin":"*" 冲突的
        ctx.set("Access-Control-Allow-Credentials", false);
        // 这里获取 origin 请求头 而不是用 *
        ctx.set("Access-Control-Allow-Origin", "*");
        ctx.set("Access-Control-Allow-Headers", "X-Requested-With,Content-Type,Authorization,Token");
        ctx.set("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS,HEADER");
      }
}